专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20130198522A1 SYSTEMS AND METHODS FOR FILE ACCESS AUDITING 有权
标题翻译：用于文件访问的系统和方法
公开(公告)号：US20130198522A1
公开(公告)日：2013-08-01
申请号：US13640034
申请日：2011-04-08
申请人： Tadayoshi Kohno , Roxana Geambasu , Henry Levy , Steven Gribble
发明人： Tadayoshi Kohno , Roxana Geambasu , Henry Levy , Steven Gribble
IPC分类号： G06F21/62
CPC分类号： G06F21/62 , G06F21/88 , G06F2221/2101
摘要： Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.
摘要翻译：公开了用于提供用于盗窃设备的审核文件系统的系统和方法。审核文件系统支持细粒度文件审核：用户可以获得可靠，明确的证据，证明在设备丢失后没有访问任何文件。即使在没有设备网络连接的情况下，用户也可能在设备丢失后禁用未来的文件访问。在一个实施例中，文件是本地加密的，但是加密密钥被远程存储，使得查询审计服务器以获得访问受保护文件的加密密钥。通过配置审计服务器拒绝返回特定文件的密钥，用户可以在设备丢失后阻止新的访问。

2. 发明授权

US09489523B2 Systems and methods for file access auditing 有权
标题翻译：用于文件访问审核的系统和方法
公开(公告)号：US09489523B2
公开(公告)日：2016-11-08
申请号：US13640034
申请日：2011-04-08
申请人： Tadayoshi Kohno , Roxana Geambasu , Henry Levy , Steven Gribble
发明人： Tadayoshi Kohno , Roxana Geambasu , Henry Levy , Steven Gribble
IPC分类号： G06F21/00 , G06F21/62 , G06F21/88
CPC分类号： G06F21/62 , G06F21/88 , G06F2221/2101
摘要： Systems and methods for providing an auditing file system for theft-prone devices are disclosed. The auditing file system supports fine-grained file auditing: a user may obtain reliable, explicit evidence that no files have been accessed after a device's loss. A user may also disable future file access after a device's loss, even in the absence of device network connectivity. In one embodiment, files are encrypted locally but the encryption keys are stored remotely, so that an audit server is queried for encryption keys to access protected files. By configuring the audit server to refuse to return a particular file's key, the user can prevent new accesses after the device is lost.
摘要翻译：公开了用于提供用于盗窃设备的审核文件系统的系统和方法。审核文件系统支持细粒度文件审核：用户可以获得可靠，明确的证据，证明在设备丢失后没有访问任何文件。即使在没有设备网络连接的情况下，用户也可能在设备丢失后禁用未来的文件访问。在一个实施例中，文件是本地加密的，但是加密密钥被远程存储，使得查询审计服务器以获得访问受保护文件的加密密钥。通过配置审计服务器拒绝返回特定文件的密钥，用户可以在设备丢失后阻止新的访问。

3. 发明授权

US08520855B1 Encapsulation and decapsulation for data disintegration 有权
标题翻译：数据分解的封装和解封装
公开(公告)号：US08520855B1
公开(公告)日：2013-08-27
申请号：US12718885
申请日：2010-03-05
申请人： Tadayoshi Kohno , Roxana Geambasu , Henry M. Levy
发明人： Tadayoshi Kohno , Roxana Geambasu , Henry M. Levy
IPC分类号： G06F21/00
CPC分类号： G06F21/602 , G06F2221/2143
摘要： A configuration for encapsulating data that is unreadable after a predetermined timeout. To encapsulate data a random data key is generated and split into shares. A threshold number of shares are needed to reconstruct the key. The shares are stored at random locations within one or more networks. Each location is configured to delete the stored data after a predetermined time period. Encapsulated data is created by creating a vanishing data object (VDO) comprising the encrypted data, and data sufficient to locate at least a threshold number of key shares from their stored locations. The VDO becomes inaccessible after enough shares of the data are deleted such that the data key cannot be restored. However, if prior to timeout a sufficient number of data key shares are located and retrieved the data key can be reconstructed. The reconstructed data key is then used to decrypt the original data.
摘要翻译：用于封装在预定超时后不可读的数据的配置。为了封装数据，生成随机数据密钥并将其分割为共享。需要临时数量的股份来重建密钥。共享存储在一个或多个网络内的随机位置。每个位置被配置为在预定时间段之后删除所存储的数据。通过创建包含加密数据的消失数据对象（VDO）以及足以从其存储的位置定位至少一个阈值数量的密钥份额的数据来创建封装数据。在删除了足够的数据份额后，VDO就无法访问，从而数据密钥无法恢复。然而，如果在超时之前，定位和检索足够数量的数据密钥共享，则可以重建数据密钥。然后，重建的数据密钥用于解密原始数据。

4. 发明申请

US20130205385A1 PROVIDING INTENT-BASED ACCESS TO USER-OWNED RESOURCES 审中-公开
标题翻译：提供基于用户资源的基于INTENT的访问
公开(公告)号：US20130205385A1
公开(公告)日：2013-08-08
申请号：US13368334
申请日：2012-02-08
申请人： Franziska Roesner , Tadayoshi Kohno , Alexander Moshchuk , Bryan J. Parno , Helen J. Wang
发明人： Franziska Roesner , Tadayoshi Kohno , Alexander Moshchuk , Bryan J. Parno , Helen J. Wang
IPC分类号： G06F21/00
CPC分类号： G06F21/6245 , G06F2221/2113 , G06F2221/2141
摘要： An access system is described herein which allows an application to access a system-level and/or application-specific user-owned resource based on a user's interaction with an intent-based access mechanism. For example, the intent-based access mechanism may correspond to a gadget that is embedded in an application user interface provided by the application, and/or logic for detecting a permission-granting input sequence. The access system accommodates different types of intent-based access mechanisms. One type is a scheduled intent-based access mechanism. Another type provides access to two or more user-owned resources. Further, the access system includes a mechanism for determining whether the application is permitted to use an intent-based access mechanism.
摘要翻译：本文描述了访问系统，其允许应用程序基于用户与基于意图的访问机制的交互来访问系统级和/或应用特定的用户拥有的资源。例如，基于意图的访问机制可以对应于嵌入在由应用程序提供的应用程序用户界面中的小工具和/或用于检测授权许可输入序列的逻辑。访问系统适应不同类型的基于意图的访问机制。一种类型是一种计划的基于意图的访问机制。另一种类型提供对两个或更多用户拥有的资源的访问。此外，访问系统包括用于确定应用是否被允许使用基于意图的访问机制的机制。

5. 发明授权

US08387122B2 Access control by testing for shared knowledge 有权
标题翻译：通过测试获取共享知识的访问控制
公开(公告)号：US08387122B2
公开(公告)日：2013-02-26
申请号：US12466242
申请日：2009-05-14
申请人： Michael Toomim , James Fogarty , James Landay , Nathan Morris , Xianhang Zhang , Tadayoshi Kohno
发明人： Michael Toomim , James Fogarty , James Landay , Nathan Morris , Xianhang Zhang , Tadayoshi Kohno
IPC分类号： H04L9/00 , G06F21/00
CPC分类号： G06F21/6218 , G06F2221/2131
摘要： Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition) to accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks.
摘要翻译：访问旨在与特定个人群体共享的资源使用共享知识的简洁测试而不是（或另外）对帐户和访问控制列表进行控制。用户可以轻松学习概念，并选择可以很少的努力来控制所需组的访问的问题。这些问题可能相对安全，以致不能访问的人的猜测，特别是如果允许的猜测的数量相对有限。用户通常可以预测他们的问题的安全性，但有时会低估攻击者使用网络搜索或枚举来发现答案的能力。在这种情况下，系统可以自动发现弱问题，然后提出替代方案。通过降低访问控制的门槛，共享知识测试可以使更多类型的信息在互联网和其他类型的网络上获得协作价值。

6. 发明授权

US08643475B1 Radio frequency identification secret handshakes 失效
标题翻译：射频识别秘密握手
公开(公告)号：US08643475B1
公开(公告)日：2014-02-04
申请号：US12759133
申请日：2010-04-13
申请人： Tadayoshi Kohno , Alexei Czeskis , Karl Koscher , Joshua R Smith
发明人： Tadayoshi Kohno , Alexei Czeskis , Karl Koscher , Joshua R Smith
IPC分类号： H04Q5/22
CPC分类号： G06K19/07345 , H04Q2213/13095
摘要： An approach for defending radio frequency identification (RFID) tags and other contactless cards against ghost-and-leech (a.k.a. proxying, relay, or man-in-the-middle) attacks incorporates gesture recognition techniques directly implemented with the RFID tags or contactless cards. These tags or cards will only engage in wireless communications when they internally detect “secret handshakes.” A secret handshake recognition system is implemented on a passive WISP RFID tag having a built-in accelerometer. This approach is backward compatible with existing deployments of RFID tag and contactless card readers and is also designed to minimize the changes to the existing usage model of certain classes of RFID and contactless cards, such as access cards that are kept in a wallet or purse, by enabling execution of secret handshakes without removing the card. This novel approach can also improve the security and privacy properties in other uses of RFID tags, e.g., contactless payment cards.
摘要翻译：用于防御无线电频率识别（RFID）标签和其他非接触式卡对抗幽灵和水蛭（也称代理，中继或中间人）攻击的方法包括使用RFID标签或非接触式卡直接实现的手势识别技术。这些标签或卡只有在内部侦测到“秘密握手”时才会进行无线通信。在具有内置加速度计的被动WISP RFID标签上实施秘密握手识别系统。这种方法向后兼容RFID标签和非接触式读卡器的现有部署，并且还被设计为最小化对某些类别的RFID和非接触式卡（例如保存在钱包或钱包中的接入卡）的现有使用模型的变化，通过执行秘密握手而不移除卡。这种新颖的方法还可以改善RFID标签（例如非接触式支付卡）的其他用途中的安全性和隐私性。

7. 发明申请

US20130117840A1 USER-DRIVEN ACCESS CONTROL 有权
标题翻译：用户驱动访问控制
公开(公告)号：US20130117840A1
公开(公告)日：2013-05-09
申请号：US13292090
申请日：2011-11-09
申请人： Franziska Roesner , Tadayoshi Kohno , Alexander Moshchuk , Bryan J. Parno , Helen J. Wang
发明人： Franziska Roesner , Tadayoshi Kohno , Alexander Moshchuk , Bryan J. Parno , Helen J. Wang
IPC分类号： G06F21/00 , G06F3/048
CPC分类号： H04L63/10 , G06F21/6281 , G06F2221/2111 , G06F2221/2141 , H04L63/107
摘要： An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
摘要翻译：本文描述了访问系统，其允许应用模块基于用户与用户所有资源交互的意图的指示来访问用户拥有的资源。例如，应用程序模块可以提供嵌入与特定用户所有资源相关联的小工具的应用程序用户界面。访问系统可以解释用户与小工具的交互，因为授予应用程序模块访问与小工具相关联的用户所有资源的隐式权限。另外或替代地，用户可以在与应用模块进行交互的过程中进行说明手势。访问系统可以将该手势解释为赋予应用模块隐式许可以访问与该手势相关联的用户拥有的资源。

8. 发明申请

US20090323972A1 PRIVACY-PRESERVING LOCATION TRACKING FOR DEVICES 有权
标题翻译：隐私保护位置跟踪设备
公开(公告)号：US20090323972A1
公开(公告)日：2009-12-31
申请号：US12276829
申请日：2008-11-24
申请人： Tadayoshi Kohno , Arvind Krishnamurthy , Gabriel Maganis , Thomas Ristenpart
发明人： Tadayoshi Kohno , Arvind Krishnamurthy , Gabriel Maganis , Thomas Ristenpart
IPC分类号： H04L9/22
CPC分类号： H04L9/08 , G06F17/30097 , G06F17/30312 , G06F17/30613 , G06F17/30619 , G06F17/3087 , G06F21/6245 , G06F2221/2111 , H04L9/0631 , H04L9/0662 , H04L9/0861 , H04L9/0883 , H04L9/0891 , H04L9/30 , H04L9/3255 , H04L63/0428 , H04L63/06 , H04L63/08
摘要： A privacy-preserving device-tracking system and method to assist in the recovery of lost or stolen Internet-connected mobile devices. The function of such a system seem contradictory, since it is desirable to hide a device's legitimately-visited locations from third-party services and other parties to achieve location privacy, while still enabling recovery of the device's location(s) after it goes missing by tracking the device to determine its location. An exemplary embodiment uses a DHT for storing encrypted location information and other forensic information in connection with indices that are successively determined based on initial pseudorandom seed information (i.e., state) that is retained by the owner of the device. Using the seed information, the software can determine indices mapped to location information stored after the device went missing, enabling the device to be located. Numerous extensions are discussed for the basic exemplary design that increase its suitability for particular deployment environments.
摘要翻译：一种隐私保护设备跟踪系统和方法，用于帮助恢复丢失或被盗互联网连接的移动设备。这种系统的功能似乎是矛盾的，因为希望将设备的合法访问位置从第三方服务和其他方隐藏以实现位置隐私，同时仍然允许在设备丢失之后恢复设备的位置跟踪设备以确定其位置。一个示例性实施例使用DHT来存储加密的位置信息和其他取证信息，该索引是根据由设备所有者保留的初始伪随机种子信息（即，状态）连续确定的索引。使用种子信息，软件可以确定映射到设备丢失之后存储的位置信息的索引，使得能够定位设备。讨论了增加其针对特定部署环境的适用性的基本示例性设计的大量扩展。

9. 发明申请

US20090288150A1 ACCESS CONTROL BY TESTING FOR SHARED KNOWLEDGE 有权
标题翻译：通过共享知识测试访问控制
公开(公告)号：US20090288150A1
公开(公告)日：2009-11-19
申请号：US12466242
申请日：2009-05-14
申请人： Michael Toomim , James Fogarty , James Landay , Nathan Morris , Xianhang Zhang , Tadayoshi Kohno
发明人： Michael Toomim , James Fogarty , James Landay , Nathan Morris , Xianhang Zhang , Tadayoshi Kohno
IPC分类号： G06F7/04
CPC分类号： G06F21/6218 , G06F2221/2131
摘要： Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition) to accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks.
摘要翻译：访问旨在与特定个人群体共享的资源使用共享知识的简洁测试而不是（或另外）对帐户和访问控制列表进行控制。用户可以轻松学习概念，并选择可以很少的努力来控制所需组的访问的问题。这些问题可能相对安全，以致不能访问的人的猜测，特别是如果允许的猜测的数量相对有限。用户通常可以预测他们的问题的安全性，但有时会低估攻击者使用网络搜索或枚举来发现答案的能力。在这种情况下，系统可以自动发现弱问题，然后提出替代方案。通过降低访问控制的门槛，共享知识测试可以使更多类型的信息在互联网和其他类型的网络上获得协作价值。

10. 发明授权

US09106650B2 User-driven access control 有权
标题翻译：用户驱动的访问控制
公开(公告)号：US09106650B2
公开(公告)日：2015-08-11
申请号：US13292090
申请日：2011-11-09
申请人： Franziska Roesner , Tadayoshi Kohno , Alexander Moshchuk , Bryan J. Parno , Helen J. Wang
发明人： Franziska Roesner , Tadayoshi Kohno , Alexander Moshchuk , Bryan J. Parno , Helen J. Wang
IPC分类号： G06F7/04 , H04L29/06 , G06F21/62
CPC分类号： H04L63/10 , G06F21/6281 , G06F2221/2111 , G06F2221/2141 , H04L63/107
摘要： An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user's intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user's interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.
摘要翻译：本文描述了访问系统，其允许应用模块基于用户与用户所有资源交互的意图的指示来访问用户拥有的资源。例如，应用程序模块可以提供嵌入与特定用户所有资源相关联的小工具的应用程序用户界面。访问系统可以解释用户与小工具的交互，因为授予应用程序模块访问与小工具相关联的用户所有资源的隐式权限。另外或替代地，用户可以在与应用模块进行交互的过程中进行说明手势。访问系统可以将该手势解释为赋予应用模块隐式许可以访问与该手势相关联的用户拥有的资源。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式